Mysql Error: Supplied Argument not valid. What does that mean? Help!

axman288

Getting the following error, no idea what it means or how to fix it.

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/poetgos7/thebsnetwork/signup.php on line 91

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/poetgos7/thebsnetwork/signup.php on line 95
Database Problem, please contact Site admin

The corresponding PhP Code is as follows

if(mysql_num_rows(mysql_query("SELECT * FROM USERS WHERE UNICK = '$uname'"))){
$msg=$msg."User Name already exists. Please try another one<BR>";
$status= "NOTOK";}

if(mysql_num_rows(mysql_query("SELECT * FROM USERS WHERE UEMAIL = '$email'"))){
$msg=$msg."Email is already registered.  Only one account per email is allowed.<BR>";
$status= "NOTOK";}

Any ideas? Please help thanks!

big_nerd

That error is because for some reason your MySQL statement failed.

Try this:


$query = "SELECT * FROM USERS WHERE UNICK = '".mysql_real_escape_string($uname)."'";
$result = mysql_query($query) or die('MySQL Error: '.mysql_error());
if(mysql_num_rows($result){
$msg=$msg."User Name already exists. Please try another one<BR>";
$status= "NOTOK";}

$query = "SELECT * FROM USERS WHERE UEMAIL = '".mysql_real_escape_string($email)."'";
$result = mysql_query($query) or die('MySQL Error: '.mysql_error());
if(mysql_num_rows($result){
$msg=$msg."Email is already registered.  Only one account per email is allowed.<BR>";
$status= "NOTOK";}

You must trap MySQL Errors, the code given above may not be best result for production websites since it kills the website & spits out a MySQL Error.

There are lots of posts here on proper error trapping techniques, if you care to read up on it.

Also - you should NEVER trust user input - look into mysql_real_escape_string().

You should also look into Cross Site Scripting, especially if you are going to post back any user input.

axman288

cross site scripting?

Not sure what that is.

big_nerd

axman288,

A quick search resulted in:

http://en.wikipedia.org/wiki/Cross-site_scripting

There are numerous security measures you must take as a web developer when releasing things to the public.

It is in your best interest to keep up with these things - there are many ways, Do an internet search for "PHP Security" "Web Security" etc.

You can also use the this forums search feature for keywords such as "Cross Site Scripting".

Check out htmlpurifier - its an excellent project for cleaning XSS.